Multiple Network Subnets within same Domain Name Zone

Saunders, Shawn SSaunders at mednet.ucla.edu
Wed Jun 23 18:26:16 UTC 2004


I have always restricted a single domain to a single network/subnet.  So all
I need is forward / reverse for our two internal networks, and forward only
for our public IP hosts that are part of the same domain.  So I don't have
to break up the domain into sub-domains, which means we don't have to make
changes to the legacy software and workstation configurations.  Cool.

Did I get this right?

Sincerely,
 
Shawn Saunders

-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com] 
Sent: Wednesday, June 23, 2004 11:10 AM
To: 'BIND Users Mailing List'
Subject: Re: Multiple Network Subnets within same Domain Name Zone

Saunders, Shawn wrote:

>Are there any potential problems to the following scenario?
>
>I am authoritative for a domain, say xyz.com that has some host addresses
>outside my firewall on public IP's.  But I must also, have the hosts,
>inside my firewall using Private Addresses 192.168.xxx.xxx within the
>domain
>xyz.com, because of some legacy software that would require a major rewrite
>to access these hosts, if we changed their naming structure.
>
>I just find it odd, to have multiple networks, being resolved to the same
>domain, and if I do this, there is no real way to do the reverse zones for
>the domain, because it would entail having multiple reverse zones for the
>same domain, and is that allowed?
>
Yeah, sure it's allowed. On our internal network, we have a public class 
A, several public class B's, and various private ranges, all 
intermingled within the same forward domain. (Actually, it's a 
many-to-many relationship, since we have several forward domains too).

You should *not* put private addresses in the Internet DNS, though, and 
if (as you indicated) you use private address ranges, you *must* define 
the relevant reverse zones in your DNS so as to prevent pollution of the 
Internet DNS infrastructure with your private-address reverse lookups. 
As Peter suggested, you may want to look at the "view" feature to 
resolve the same name to different addresses depending on what client 
(internal vs external) is doing the asking. Be aware that this will 
incur parallel maintenance, however...

                                                                         
                                 - Kevin
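
An added example, not part of the original thread and not either poster's configuration: a BIND 9 named.conf fragment for the layout discussed above, with one forward zone served from two views and the private reverse zones defined only for internal clients. The ACL name, file paths and the third octets of the 192.168 networks are assumptions chosen for illustration.

```conf
// Constructed example: ACL name, file paths and network numbers are placeholders.
acl "internal" {
    127.0.0.0/8;
    192.168.0.0/16;
};

options {
    directory "/var/named";
};

// Views are tried in order and the first match wins, so "internal" comes first.
view "internal" {
    match-clients { "internal"; };
    recursion yes;

    // Forward zone as seen from inside: public hosts and 192.168.x.x hosts.
    zone "xyz.com" {
        type master;
        file "internal/db.xyz.com";
    };

    // One reverse zone per internal network. Both point back into xyz.com,
    // and neither lookup leaves the site for the Internet DNS.
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "internal/db.192.168.1";
    };
    zone "2.168.192.in-addr.arpa" {
        type master;
        file "internal/db.192.168.2";
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    // Same zone name, separate file: public addresses only, no private A records.
    zone "xyz.com" {
        type master;
        file "external/db.xyz.com";
    };
};
```

The two db.xyz.com files are the parallel maintenance mentioned in the reply: a public host that changes address has to be updated in both. Once any view is defined, every zone statement has to live inside a view.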





